crowdsecurity
diff --git a/‎.tests/unifi-cef/cef-logs.log‎
Lines changed: 1 addition & 0 deletions b/‎.tests/unifi-cef/cef-logs.log‎
Lines changed: 1 addition & 0 deletions
@@ -1,2 +1,3 @@
 CEF:0|Ubiquiti|UniFi Network|9.4.19|544|Admin Accessed UniFi Network|1|UNIFIcategory=System UNIFIsubCategory=Admin UNIFIhost=Unifi Dream Machine UNIFIaccessMethod=web UNIFIadmin=Secure Admin src=10.72.1.222 UNIFIutcTime=2025-09-04T08:32:58.445Z msg=Secure Admin accessed UniFi Network using the web. Source IP: 10.72.1.222
 0|Ubiquiti|UniFi Network|9.4.19|201|Threat Detected and Blocked|7|proto=TCP src=10.0.0.100 spt=52331 dst=192.168.0.233 dpt=443 UNIFIcategory=Security UNIFIsubCategory=Intrusion Prevention UNIFIhost=Express 7 UNIFIdeviceMac=84:78:48:80:0d:86 UNIFIdeviceName=Express 7 UNIFIdeviceModel=UX7 UNIFIdeviceIp=192.168.0.1 UNIFIdeviceVersion=4.3.9 UNIFIrisk=medium UNIFIipsSessionId=54725290909450 UNIFIipsSignature=ET DROP Dshield Block Listed Source group 1 UNIFIipsSignatureId=2402000 UNIFIutcTime=2025-08-30T17:53:21.915Z msg=A network intrusion attempt has been detected and blocked.
+Oct 26 20:01:31 Express-7 CEF:0|Ubiquiti|UniFi Network|10.0.140|201|Threat Detected and Blocked|7|proto=TCP src=198.51.100.10 spt=46621 dpt=80 act=blocked app=HTTP UNIFIcategory=Security UNIFIsubCategory=Intrusion Prevention UNIFIhost=Express 7 UNIFIrisk=medium UNIFIpolicyName=DShield Block List UNIFIpolicyType=IDS/IPS UNIFIdirection=incoming deviceInboundInterface=Internet 1 UNIFIdeviceMac=84:78:48:80:0d:86 UNIFIdeviceName=Express 7 UNIFIdeviceModel=UX7 UNIFIdeviceIp=192.168.0.1 UNIFIdeviceVersion=4.4.6 UNIFIsrcZone=External UNIFIsrcRegion=GB UNIFIdstClientAlias=DS920+ macvlan UNIFIdstClientMac=02:42:c0:a8:00:e9 UNIFIdstZone=Internal UNIFItotalBytes=58 UNIFItotalPackets=1 UNIFIpacketsReceived=0 UNIFIpacketsSent=1 UNIFIbytesReceived=0 UNIFIbytesSent=58 UNIFIflowCount=1 UNIFIflowId=null UNIFIflowStartTime=Oct 26, 2025 at 7:59:41.239 PM UNIFIipsSessionId=1018933471454856 UNIFIipsSignature=ET DROP Dshield Block Listed Source group 1 UNIFIipsSignatureId=2402000 UNIFIutcTime=2025-10-26T19:01:31.807Z msg=A network intrusion attempt from 198.51.100.10 to DS920+ macvlan has been detected and blocked.
Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`CEF:0\|Ubiquiti\|UniFi Network\|9.4.19\|544\|Admin Accessed UniFi Network\|1\|UNIFIcategory=System UNIFIsubCategory=Admin UNIFIhost=Unifi Dream Machine UNIFIaccessMethod=web UNIFIadmin=Secure Admin src=10.72.1.222 UNIFIutcTime=2025-09-04T08:32:58.445Z msg=Secure Admin accessed UniFi Network using the web. Source IP: 10.72.1.222`
`2`	`2`	0\|Ubiquiti\|UniFi Network\|9.4.19\|201\|Threat Detected and Blocked\|7\|proto=TCP src=10.0.0.100 spt=52331 dst=192.168.0.233 dpt=443 UNIFIcategory=Security UNIFIsubCategory=Intrusion Prevention UNIFIhost=Express 7 UNIFIdeviceMac=84:78:48:80:0d:86 UNIFIdeviceName=Express 7 UNIFIdeviceModel=UX7 UNIFIdeviceIp=192.168.0.1 UNIFIdeviceVersion=4.3.9 UNIFIrisk=medium UNIFIipsSessionId=54725290909450 UNIFIipsSignature=ET DROP Dshield Block Listed Source group 1 UNIFIipsSignatureId=2402000 UNIFIutcTime=2025-08-30T17:53:21.915Z msg=A network intrusion attempt has been detected and blocked.
	`3`	+Oct 26 20:01:31 Express-7 CEF:0\|Ubiquiti\|UniFi Network\|10.0.140\|201\|Threat Detected and Blocked\|7\|proto=TCP src=198.51.100.10 spt=46621 dpt=80 act=blocked app=HTTP UNIFIcategory=Security UNIFIsubCategory=Intrusion Prevention UNIFIhost=Express 7 UNIFIrisk=medium UNIFIpolicyName=DShield Block List UNIFIpolicyType=IDS/IPS UNIFIdirection=incoming deviceInboundInterface=Internet 1 UNIFIdeviceMac=84:78:48:80:0d:86 UNIFIdeviceName=Express 7 UNIFIdeviceModel=UX7 UNIFIdeviceIp=192.168.0.1 UNIFIdeviceVersion=4.4.6 UNIFIsrcZone=External UNIFIsrcRegion=GB UNIFIdstClientAlias=DS920+ macvlan UNIFIdstClientMac=02:42:c0:a8:00:e9 UNIFIdstZone=Internal UNIFItotalBytes=58 UNIFItotalPackets=1 UNIFIpacketsReceived=0 UNIFIpacketsSent=1 UNIFIbytesReceived=0 UNIFIbytesSent=58 UNIFIflowCount=1 UNIFIflowId=null UNIFIflowStartTime=Oct 26, 2025 at 7:59:41.239 PM UNIFIipsSessionId=1018933471454856 UNIFIipsSignature=ET DROP Dshield Block Listed Source group 1 UNIFIipsSignatureId=2402000 UNIFIutcTime=2025-10-26T19:01:31.807Z msg=A network intrusion attempt from 198.51.100.10 to DS920+ macvlan has been detected and blocked.